| Index: sandbox/linux/seccomp-bpf/sandbox_bpf.cc
|
| diff --git a/sandbox/linux/seccomp-bpf/sandbox_bpf.cc b/sandbox/linux/seccomp-bpf/sandbox_bpf.cc
|
| index 239043eb270d57b8b60df714323f5a166a380ede..6c6912afb4451a776025a906543c8992cb41616b 100644
|
| --- a/sandbox/linux/seccomp-bpf/sandbox_bpf.cc
|
| +++ b/sandbox/linux/seccomp-bpf/sandbox_bpf.cc
|
| @@ -4,12 +4,6 @@
|
|
|
| #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
|
|
|
| -// Some headers on Android are missing cdefs: crbug.com/172337.
|
| -// (We can't use OS_ANDROID here since build_config.h is not included).
|
| -#if defined(ANDROID)
|
| -#include <sys/cdefs.h>
|
| -#endif
|
| -
|
| #include <errno.h>
|
| #include <sys/prctl.h>
|
| #include <sys/types.h>
|
| @@ -22,6 +16,7 @@
|
| #include "base/memory/scoped_ptr.h"
|
| #include "base/posix/eintr_wrapper.h"
|
| #include "base/third_party/valgrind/valgrind.h"
|
| +#include "sandbox/linux/bpf_dsl/bpf_dsl.h"
|
| #include "sandbox/linux/bpf_dsl/codegen.h"
|
| #include "sandbox/linux/bpf_dsl/policy.h"
|
| #include "sandbox/linux/bpf_dsl/policy_compiler.h"
|
| @@ -115,6 +110,14 @@ uint64_t EscapePC() {
|
| return static_cast<uint64_t>(static_cast<uintptr_t>(rv));
|
| }
|
|
|
| +intptr_t SandboxPanicTrap(const struct arch_seccomp_data&, void* aux) {
|
| + SANDBOX_DIE(static_cast<const char*>(aux));
|
| +}
|
| +
|
| +bpf_dsl::ResultExpr SandboxPanic(const char* error) {
|
| + return bpf_dsl::Trap(SandboxPanicTrap, error);
|
| +}
|
| +
|
| } // namespace
|
|
|
| SandboxBPF::SandboxBPF(bpf_dsl::Policy* policy)
|
| @@ -225,6 +228,7 @@ scoped_ptr<CodeGen::Program> SandboxBPF::AssembleFilter(
|
| if (Trap::SandboxDebuggingAllowedByUser()) {
|
| compiler.DangerousSetEscapePC(EscapePC());
|
| }
|
| + compiler.SetPanicFunc(SandboxPanic);
|
| return compiler.Compile(force_verification);
|
| }
|
|
|
|
|
Chromium Code Reviews
Issue 1310773006:
Update sandbox/linux from upstream (Closed)
Base URL: ssh://ssh.github.com/domokit/mojo.git@master